by XaKeP
Original Filename unknown
Written in Delphi
Made in Russia
dropped file:
c:\WINDOWS\system32\PPDomain.exe
size: 482,816 bytes

startup:
HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run "PPRegDomain"
data: C:\WINDOWS\System32\PPDomain.exe
HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run "PPRegDomain"
data: C:\WINDOWS\System32\PPDomain.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "PPRegDomain"
data: C:\WINDOWS\System32\PPDomain.exe

tested on Windows XP
August 13, 2005
MegaSecurity